Solved

How to involve IP address and/or Mac address in NAT rule

Posted on 2004-10-06
1
215 Views
Last Modified: 2010-08-05
My server (Linux redhat) is providing NAT service to my LAN using this rule

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

eth0 is my LAN card interface
eth1 is the public LAN card interface

My question is how to provide NAT service only to one LAN workstation (192.168.0.8) and involve MAC address in this rule to avoid internal hackers using that IP.

Thanks to you all !
0
Comment
Question by:diordonez
1 Comment
 
LVL 12

Accepted Solution

by:
mburdick earned 250 total points
ID: 12243929
While you can accomplish what you want easily, you should be warned that you aren't adding much security to your network.

If a user is smart enough to hard-code an IP to get access, it's likely that they can also override the MAC on their NIC as well. And, your security controls still don't stop them.

A sample of an IPTABLES rule that allows you to integrate a source MAC is:

-A FORWARD -s 172.20.20.11  -i eth0 -m mac --mac-source 00:00:00:00:00:00 -j ACCEPT
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Request - a simple step-by-step guide how to setup pfSense in Vmware. 4 90
info required for port scans 1 44
Static IP 5 81
increase internet speed 3 83
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now